drferrari Posted February 9, 2016 Posted February 9, 2016 How can I get this(filter_field[1]=1) array from url: www.domainanme.com/advanced_filters_search_result.php?filter_field[1]=1 I try use this but with no luck: 1) tep_get_all_get_params($parameters) 2) $parameters I need it in split_page_results.php file for (page 1, 2, link)
tgely Posted February 9, 2016 Posted February 9, 2016 JSON mode is a comfort way. Use JSON encoded params for it. osCommerce based shop owner with minimal design and focused on background works. When the less is more.Email managment with tracking pixel, package managment for shipping, stock management, warehouse managment with bar code reader, parcel shops management on 3000 pickup points without local store.
♥kymation Posted February 9, 2016 Posted February 9, 2016 $filters_array = $_GET['filter_field']; $filter_field_1 = $filters_array['1']; Don't trust that data if on the catalog side. Filter it to prevent hacking. Regards Jim See my profile for a list of my addons and ways to get support.
drferrari Posted February 9, 2016 Author Posted February 9, 2016 @@kymation, what do you mean? I found this code: function tep_get_all_get_params($exclude_array = '') { global $_GET; if (!is_array($exclude_array)) $exclude_array = array(); $get_url = ''; if (is_array($_GET) && (sizeof($_GET) > 0)) { reset($_GET); while (list($key, $value) = each($_GET)) { if ( ((is_string($value) && (strlen($value) > 0)) || (is_array($value) && (!empty($value)))) && ($key != tep_session_name()) && ($key!= 'error') && (!in_array($key, $exclude_array)) && ($key != 'x') && ($key != 'y') ) { if (is_array($value)) { $get_url .= $key . '[]=' . rawurlencode(stripslashes($value[0])) . '&'; }else{ $get_url .= $key . '=' . rawurlencode(stripslashes($value)) . '&'; } } } } return $get_url; } but I take only, www.domainname.com/advanced_filters_search_result.php?filter_field[]=&page=2 I need this www.domainname.com/advanced_filters_search_result.php?filter_field[1]=1&page=2 any idea?
♥kymation Posted February 9, 2016 Posted February 9, 2016 The code that I showed will give you the raw variable that you said you wanted. I did not show the added security that you would need to use it. Regards Jim See my profile for a list of my addons and ways to get support.
drferrari Posted February 10, 2016 Author Posted February 10, 2016 @@kymation I use this: advanced_filters_search_result.php?filter_field[]=2&filter_field[]=16 and I solve my problem. What kind of security I would need to use?
MrPhil Posted February 10, 2016 Posted February 10, 2016 What kind of security I would need to use? Basically, any time you receive data from a visitor, especially (but not limited to) "GET" data, you shouldn't blindly trust that it won't contain something malicious. You have to consider how that data is used in your application, and how someone might put something nasty in it. As a simple example, say this data will be used as part of an SQL query. If your code doesn't do adequate filtering and suppression or escaping of certain characters used in a query, it could "inject" something undesirable into your database query and either expose other customers' data to the hacker, or do damage to your database. Another example might be something that will be displayed as HTML output. If you didn't scrub it for things like iframe or script tags, anyone viewing that output could be taken to another site, perhaps one pretending to be your store (and capturing credit card information, etc.).
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.